Privacy statement

UNLESS YOU ARE A RESIDENT OF THE EUROPEAN UNION OR OTHER DATA SUBJECT UNDER THE GDPR
(AS DEFINED BELOW), WHEN YOU ACCESS THIS WEBSITE OR USE OUR ONLINE SERVICES YOU AGREE
TO THIS PRIVACY STATEMENT. IF YOU DO NOT AGREE TO THIS PRIVACY STATEMENT, OR TO ANY
CHANGES WE MAY SUBSEQUENTLY MAKE, YOU SHOULD STOP ACCESSING THIS WEBSITE OR USING
OUR ONLINE SERVICES.

1. Overview

HDI Global SE (“HDI,” “we,” “us,” or “our”) operates this website, and related pages and content (collectively, this “Website”), and the services and other offerings available through this Website (collectively, the “Services”). Your privacy is important to us, which is why we have developed this Privacy Statement to explain our practices regarding our collection, use, sharing, and safekeeping of personal data that we obtain from users of this Website and the Services.

2. Personal Data We Collect

We may collect and process the following personal data about you:

2.1 Information that you give us. This includes information that you may give us so we can provide you with access to this Website or Services and may include your name, e-mail address, phone number and other information necessary to use this Website or Services. Examples of ways you may give us information include but are not limited to:

2.1.1 Through our contact form. If you wish to send us a message, you may use our contact form. Data you have entered into the contact form such as name, e-mail address, insurance policy number, and message submitted, is stored and used only for the purpose of our individual communication with you. This communication is performed by our branch office determined by your choice of country and/or language. After completion of the communication process, your personal data will be, as a general rule, deleted.

2.1.2 Through our offer calculator/online booking system. Data entered into one of our calculators or online booking systems is stored and used exclusively for the purposes of offer and policy preparation. We are assisted with this by external service providers which are subject to existing data protection agreements in accordance with applicable legal requirements. Data protection information for specific services or products is made available - if necessary - when using the calculators or the online booking system.

2.1.3 Through registration for certain Services. Certain Services on this Website require your registration, such as the “Insurance Certificate Online” for our transportation insurance, or the “bAVnet”, with which our customers can manage their contracts for company pension plans.

2.2 Information that we collect automatically. Upon each visit to this Website, your browser automatically sends information to the servers of this Website, which information is temporarily stored in a so-called log file. The following data is recorded without any action on your part and stored until automatic deletion:

2.2.1 IP address of the computer issuing the request;

2.2.2 date and time of access;

2.2.3 name and URL of the file(s) accessed/retrieved;

2.2.4 website which directed you to this Website (referrer page);

2.2.5 operating system and browser employed; and

2.2.6 name of your internet access provider.

Collecting and processing of this data takes place to make the use of this Website possible (for establishing the connection), to ensure continuous system security and stability, to allow for technical administration of our network infrastructure and optimization of this Website, as well as for internal statistical use. The IP address is only used for statistical purposes, as well as in case of an attack on our network infrastructure.

3. Why We Collect Personal Data and What We Do With It

3.1 When you provide your personal data to us, we will make reasonable efforts to ensure that the purpose for which you are providing that personal data is clear.

3.2 Depending on who you are and your relationship with us, we may process your personal data as follows:

3.2.1 to carry out our obligations to you from your use of this Website, the Services or under another agreement with you;

3.2.2 to administer your account with us;

3.2.3 to provide you with information about our products, this Website, the Services and any other services we provide;

3.2.4 to administer this Website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

3.2.5 to allow you to participate in interactive features of the this Website or the Services, when you choose to do so;

3.2.6 internally, to inform decisions about our business operations and strategy; and

3.2.7 to contact you from time to time to market any other services we provide and we think may be of interest to you.

4. Who We Share Your Personal Data With

4.1 We may disclose your personal data:

4.1.1 to business partners, suppliers and sub-contractors for the performance of any contract we or you enter into with them or to fulfill the Services to you;

4.1.2 to our customers in order to allow them to use the Services;

4.1.3 in the event that we sell or transfer any part of our business or assets (whether by merger, asset sale or otherwise), in which case we may disclose and transfer your personal data to the prospective buyer of such business or assets;

4.1.4 if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request; and

4.1.5 to third parties to enforce agreements between us or to investigate potential breaches of those agreements or to protect the rights, property or safety of our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

5. Security Measures for this Website

5.1 We implement a variety of technical, administrative and organizational security measures for this Website and the Services that we believe are commercially reasonable to help us maintain the safety of your personal data that you provide to us.

5.2 You are responsible for keeping confidential any access credentials you may have for this Website or the Services, including password(s), and you should not share your password(s) with anyone.

5.3 Notwithstanding the above, you should be aware that the transmission of information via the Internet is not completely secure. Although we will use commercially reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted using the Services or this Website, and as a result, any transmission of personal data is at your own risk.

Cookies and web analysis

6. Use of Cookies

6.1 We are continuously working on improving and optimizing this Website and the Services. Logging your access to our website into log files, as well as employing cookies and web analysis, helps us to provide you with a pleasant experience when you browse this Website and enables you to use the Services.

6.2 Cookies are automatically stored onto your computer when you visit this Website. Cookies are text files which contain a pseudonymized alias and thus do not permit any form of attribution to a specific person. Only we are able to read these cookies.

6.3 The cookies that we employ may be categorized as follows: generally required cookies, function-related cookies, and service-related cookies.

6.3.1 Generally required cookies are used to make this Website user-friendly. Certain actions you perform are stored for the duration of the respective visit to this Website with the purpose of optimizing your user experience. For example, your entries to the calculator are stored so you do not have to re-enter them. These cookies are deleted when you close/exit the browser.

6.3.2 Function-related cookies enable us to adjust this Website to the personal preferences of our users. As an example, we store the settings the user makes (e.g., country or language).

6.3.3 Service-related cookies help us to measure usage of this Website. With these cookies, we can determine which areas of this Website are visited most frequently. This information helps us to identify potentials to further improve this Website.

6.4 As a user of this Website, you are asked to select your own privacy settings to determine if you accept or reject cookies, or wish to be notified about receiving a new cookie. In addition, you can delete previously stored cookies. If you delete your cookies, this may result in opt-out cookies being deleted. The affected opt-outs must then be reactivated to become effective again. Deactivating cookies may lead to parts of our website not being fully functional or not being displayed correctly. Additionally, you can adjust your settings in our Cookie Management Center.

7. Web Analysis

We use cookies for this Website that enable the analysis of your surfing behavior (service-related cookies). For this, we use the web analysis service “Piwik Pro”. This service only uses pseudonymized data with shortened IP addresses such as date and time of page view, duration of the visit, frequency of page view or pages referring you to this Website. You can activate and deactivate these cookies as outlined in Section 6.4.

Content and third-party technology

8. Content and Third-Party Technology

For embedding HDI videos, we use content and technology of the online video service Vimeo. This service is operated by Vimeo, LLC, with headquarters at 555 West 18th Street, New York, NY 10011, United States of America.

When retrieving pages from this Website containing a Vimeo plug-in, a connection to the servers of Vimeo is established, and the plug-in displayed. This transmits information on which of our pages you have visited to the Vimeo server by transferring your IP address. If you are logged on to Vimeo as a member, Vimeo assigns this information to your personal Vimeo user account. When using the plug-in, for example by clicking the start button of a video, this information is also attributed to your account. Additional information about usage may be collected, e.g. which, when and for how long you have viewed a video. You can prevent such attribution by logging off from your Vimeo account and deleting the respective Vimeo cookies before using this Website.

Vimeo accesses the tracker of Google Analytics via the iframe inside which the video is being displayed. We have no access to this tracking by Vimeo. You can prevent transmission and use of your data, which is generated by the cookie and relates to your use of this Website (including your IP address), to Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

Please note that we have no influence on the mode and scope of collection, use or processing of your data by Vimeo. For information on this, please consult the data protection information of Vimeo at https://vimeo.com/privacy.

Communication with us

9. Electronic Communications

9.1 Communication with us. On this Website, you may find various options to contact us. The communication between your browser and our servers is encrypted via SSL. You can see this in your browser by the "https://" in the address of this Website.

9.2 Newsletter. If you subscribe to one of our newsletters, we store your e-mail address, surname, first name, salutation (if applicable), and country of residence, as well as any voluntarily supplied information. We use these exclusively to provide our newsletter service. We collect statistics about when and how often the respective newsletter issues were read. This data is collected on a pseudonymized and statistical basis. This means that we do not record or store which individual recipient has opened an email. You may cancel your subscription to our newsletter at any time via a link provided in each issue. We will then delete your data from our mailing list. When you subscribe to our newsletter, we additionally store your IP address as well as the date and time of subscription and confirmation, in order to be able to provide proof that you have agreed to receive the newsletter and to protect the email address submitted, as well as to protect the Services from abuse.

10. Children’s Privacy and Age Limitations for this Website

This Website is intended for use by persons aged 18 or older. We do not knowingly collect personally identifiable information from persons under the age of 18. If we discover or are made aware that we have received personally identifiable information from an individual who indicates that he or she is, or whom we otherwise have reason to believe is, under the age of 18, we will delete such information from our systems. If you are a parent or guardian of a child under the age of 18 and believe he or she has disclosed personally identifiable information to us, please contact us as provided below. In any such event, a parent or guardian of a child under the age of 18 may review and request deletion of such child's personally identifiable information as well as prohibit the use thereof.

11. Links to Other Websites

This Website may contain links to other websites, applications, products and services provided or maintained by us, our affiliates and/or by third parties that may not follow the same privacy policies as applicable to this Website. These other websites, applications, products and services may use cookies, collect data and use the data in ways that are different from the way in which we use the information collected through this Website. When linking to another website, you should read that website’s privacy policy. Our Privacy Statement only governs information collected on or through this Website.

12. Assignment

We may assign our rights and duties under this Privacy Statement, including, without limitation, our rights in information collected through this Website, to any third party at any time without notice to you in connection with any sale, merger, acquisition, divestiture or liquidation of all or part of our business or assets related to this Website, all or substantially all of our business or assets, or as part of any reorganization or restructuring of our business.

13. Changes to this Privacy Statement

We reserve the right to modify this Privacy Statement at any time, and any modifications will be effective immediately upon posting, so you should check this page for any changes. We will post at the top of this Privacy Statement the date that modifications were last made, which should alert you to any changes since your last visit to this Website. Unless you are a resident of the European Union or other data subject under the GDPR (as defined below) our continued use of this Website is your agreement to the revised Privacy Statement.

14. General Information to Contact Us

We welcome any questions, comments or requests regarding our Privacy Statement. Please address such questions, comments or requests to us at [161 North Clark Street – 48th Floor, Chicago, IL 60601] or [info@us.hdi.global].

Additional Notices

15. Additional Notices to California Residents

15.1 California Do-Not-Track Disclosure. At this time, this Website is not set up to honor web browser do-not-track settings.

15.2 Information on Marketing Disclosures. California Civil Code Section 1798.83 permits our users who are California residents to request and obtain from us once a year, free of charge, information about the personal data (if any) we disclosed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal data that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us at [161 North Clark Street – 48th Floor, Chicago, IL 60601] or [info@us.hdi.global].

15.3 Content Removal Requests for Users Under 18 Years Old. If you are a user under 18 years of age and reside in California, you may request and obtain removal of, content or information that you have posted on this Website. You may send us any such requests by one of the following methods: (i) by email (writing “Privacy Statement – Removal Request” in the subject line) at [info@us.hdi.global]; or (ii) by writing to us at [161 North Clark Street – 48th Floor, Chicago, IL 60601]. We will review the request and respond promptly. You should be aware that a request to remove content or information posted by you on this Website does not ensure or require complete or comprehensive removal of such content or information from our databases.

16. Additional Notices to European Residents or Other Data Subjects under the GDPR

Persons who are residents of the member countries of the European Union (“EU”) or other data subjects covered by the EU’s General Data Protection Regulation, (EU) 2016/679 (the “GDPR”), have certain additional privacy rights under applicable law. The following provisions of this Section 16 provide an overview of these additional rights.

16.1 Legal Basis for Processing Personal data of European Union Residents or Other GDPR Data Subjects:When processing your personal data, we may rely on one or more of the following legal bases (or other available legal grounds), depending on the circumstances:

(a) Legitimate Interests – we may process your personal data where we have a legitimate interest in such processing for managing, operating or promoting our business, and that legitimate interest is not overridden by your interests, fundamental rights or freedoms.(b) Consent – we may process your personal data where we have obtained your consent to the processing.(c) Contractual Necessity – we may process your personal data where such processing is necessary in connection with any contract that we have with you.(d) Legal Requirements – we may process your personal data where such processing is required by applicable law.

16.2 Disclosures to Third PartiesYour personal data will not be disclosed to third parties except for where it is necessary for fulfillment of our obligations to you or where we are obliged or permitted to do so by law (including, without limitation, through the terms of any agreement we may have with you), or where we make disclosures that are otherwise consistent with the uses described in this Privacy Statement. We may also disclose any information (including personal data) relating to you to law enforcement authorities or any regulatory or government authority in response to any request including requests in connection with the investigation of any suspected illegal activities.

We reserve the right to transfer any personal data we have about you in the event we sell or transfer all or a portion of our business or assets, or merge with another organization. Should such a sale, transfer or merger occur, we will use reasonable efforts seeking to require that the transferee uses personal data you have provided to us in a manner that is consistent with this Privacy Statement.We will not sell, resell or lease your personal data to any third parties but we may, if required for the purpose(s) for which your personal data was collected and processed, share it with our partners and/or service providers to enable them to provide their services to us or to you, as applicable. The foregoing are in addition to the other uses described elsewhere in this Privacy Statement.

16.3 Security of Personal data of European Residents or Other GDPR Data SubjectsWe have policies and technical and organizational measures in place which are intended to safeguard and protect your personal data against unauthorized access, accidental loss, improper use and disclosure. However, you should be aware that information transmitted over the internet is not completely secure because of the nature of the internet and that systems and measures used to secure information are not flawless. For these reasons, although we will use reasonable efforts to protect your personal data, we do not warrant the security of personal data transmitted to us or stored by us, and personal data that is transmitted to us by you electronically is done at your own risk.

16.4 Retention of Personal data of European Residents or Other GDPR Data SubjectsOur policy is to retain your personal data only for as long as is necessary to fulfill the purposes for which we collected such personal data, including for the purposes of satisfying any professional, legal, accounting or reporting requirements to which we are subject. To determine the appropriate retention period for personal data, we consider the scope, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we collected and processed your personal data and whether we can achieve those purposes through other means, and any applicable legal and professional requirements.

16.5 Your Rights as a European Resident or Other GDPR Data SubjectYou have a number of rights concerning your personal data that we hold and use, including the following:

(a) Right of Access – You have the right to be informed about what personal data we hold about you and to a copy of this personal data.(b) Right to Rectification – You have the right to have any inaccurate personal data which we hold about you updated or corrected.(c) Right to Erasure – In certain circumstances you may request that we delete the personal data that we hold about you.(d) Right to Complain – You have the right to lodge a complaint regarding the processing of your personal data to an applicable governmental or supervisory authority in your country.(e) Right to Withdraw Consent – Where processing of personal data is based on your consent, you have the right to withdraw such consent at any time.(f) Right to Object – Where we rely on our legitimate interests to process your personal data, you have the right to object to such use and we are required to discontinue such processing unless we can demonstrate an overriding legitimate interest in such processing.(g) Right to Restriction – You have the right to request that we stop using your personal data in certain circumstances including if you believe that the personal data we hold about you is inaccurate or that our use of your personal data is unlawful. If you validly exercise this right, we will store your personal data and will not carry out any other processing until the issue is resolved.

You may exercise any of the above requests in writing to us at [161 North Clark Street – 48th Floor, Chicago, IL 60601] or [info@us.hdi.global]. You are also free at any time to request that we stop using your personal data for marketing purposes by contacting us at [161 North Clark Street – 48th Floor, Chicago, IL 60601] or [info@us.hdi.global].